Check: FFOX-00-000012
Mozilla Firefox STIG:
FFOX-00-000012
(in version v6 r1)
Title
Firefox must be configured to prevent JavaScript from disabling or replacing context menus. (Cat II impact)
Discussion
A website may execute JavaScript that can remove or replace context menus/pop-up menus. This can help disguise an attack. Set this preference to "false" so that web pages will not be able to affect the context menu event.
Check Content
Type "about:policies" in the browser address bar. If "dom.event.contextmenu.enabled" is not displayed with a value of "false", this is a finding.
Fix Text
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Preferences Policy State: Enabled Policy Value: { "dom.event.contextmenu.enabled": { "Value": false, "Status": "locked" } } macOS "plist" file: Add the following: <key>Preferences</key> <dict> <key>dom.event.contextmenu.enabled</key> <dict> <key>Value</key> <false/> <key>Status</key> <string>locked</string> </dict> </dict> Linux "policies.json" file: Add the following in the policies section: "Preferences": { "dom.event.contextmenu.enabled": { "Value": false, "Status": "locked" } }
Additional Identifiers
Rule ID: SV-251556r807140_rule
Vulnerability ID: V-251556
Group Title: SRG-APP-000141
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |